Vulnerability: Formular Injection in Pimcore Data Object CSV Import

Vulnerability: Formular Injection in Pimcore Data Object CSV Import

CVE-2021-37702 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround.

Learn more about our Open Source Audit.